<?php
/**
 * Created by IntelliJ IDEA.
 * User: jimmyhsu
 * Date: 2017/5/8
 * Time: 13:14
 */
include ("../Teacher/db/conn.php");
$username = $_POST['username'];
$password = $_POST['password'];
$course_id = $_POST['course_id'];
$b_id = $_POST['b_id'];
$sql = "select * from userinfo natural join takes where name='$username' and password='" . md5($password) . "' and course_id='$course_id' and position='assistant'";
$result = mysqli_query($cn, $sql);
if (mysqli_num_rows($result) > 0) {
    $sql = "select image_url from bulletin where course_id='$course_id' and b_id=$b_id";
    $result = mysqli_query($cn, $sql);
    $arr = mysqli_fetch_array($result);
    if ($arr['image_url'] != "") {
        $image_url = $arr['image_url'];
        $image_url = substr($image_url, 19);
        unlink($image_url);
    }
    $sql = "delete from bulletin where course_id='$course_id' and b_id=$b_id";
    if (mysqli_query($cn, $sql)) {
        echo "success";
    }
} else {
    die('permission_denied');
}